IETF Logo Mail Archive

Re: [ogpx] Names, Identity and Protocol elements

Morgaine <morgaine.dinova@googlemail.com> Tue, 09 March 2010 16:50 UTC

Return-Path: <morgaine.dinova@googlemail.com>
X-Original-To: ogpx@core3.amsl.com
Delivered-To: ogpx@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 339603A6816; Tue, 9 Mar 2010 08:50:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.389
X-Spam-Level:
X-Spam-Status: No, score=-1.389 tagged_above=-999 required=5 tests=[AWL=-0.013, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_CHICKENPOX_32=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X+7+YTE9bRPG; Tue, 9 Mar 2010 08:50:40 -0800 (PST)
Received: from mail-ww0-f44.google.com (mail-ww0-f44.google.com [74.125.82.44]) by core3.amsl.com (Postfix) with ESMTP id 9C1043A67E4; Tue, 9 Mar 2010 08:50:39 -0800 (PST)
Received: by wwf26 with SMTP id 26so2739378wwf.31 for <multiple recipients>; Tue, 09 Mar 2010 08:50:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=xcfciW3M5xFV7EerWsN3m7nSTwGIB1USRU5kHSk7HeA=; b=KM90MeWViARY4icZewQDbQnzuTLrrRskD4UHaQS5uNdKtwglkLAWTRsxmCwOImVZSw 0oP+89nV+8SzHYzhOjBnjBK9HvUg/Aq3XPL0x7jNuKld6rJfJTxJ3EZpEbEgLikbG0V4 36vT8+PW3tHDkB9Mf1JcI4lccMbM0bhmR/ycY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=OJUnWRgIhtULMdNWZcBCuSm19HwXpyrx4XbtVg20QSOQRwMY/XkBGCYS23KOuVBvrs JXTk1sNJs5QJQDa1J74SrJbuMEvJo0CYxCSW7MfxsD2Dr6yabH0OLWFi4ohSIxgrWf99 gVsZO2WKQy4PX2zWwBL84Ofgw64sZPeMzhC+Q=
MIME-Version: 1.0
Received: by 10.216.85.198 with SMTP id u48mr5138wee.225.1268153439333; Tue, 09 Mar 2010 08:50:39 -0800 (PST)
In-Reply-To: <OF08A0727E.FC0613D9-ON852576E1.0052B56E-852576E1.005749F5@us.ibm.com>
References: <20100306142607.GB24621@alinoe.com> <e0b04bba1003061239n5a0f2957w6a506222b5e533ce@mail.gmail.com> <20100307003856.GA26690@alinoe.com> <e0b04bba1003062133s7aac5474qd88de97c78734d86@mail.gmail.com> <20100307143735.GA20862@alinoe.com> <e0b04bba1003070741g114b5ab4yac0794991e58f77f@mail.gmail.com> <OF7DE90FC3.6FB8061F-ON852576E0.007C24F8-852576E0.007C5FF9@us.ibm.com> <OF08A0727E.FC0613D9-ON852576E1.0052B56E-852576E1.005749F5@us.ibm.com>
Date: Tue, 09 Mar 2010 16:50:39 +0000
Message-ID: <e0b04bba1003090850u7c83f3c3nd37aa9ce085761a7@mail.gmail.com>
From: Morgaine <morgaine.dinova@googlemail.com>
To: David W Levine <dwl@us.ibm.com>
Content-Type: multipart/alternative; boundary="0016e6d99b8345b2cd048160fba9"
Cc: ogpx-bounces@ietf.org, ogpx@ietf.org
Subject: Re: [ogpx] Names, Identity and Protocol elements
X-BeenThere: ogpx@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual World Region Agent Protocol - IETF working group <ogpx.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ogpx>
List-Post: <mailto:ogpx@ietf.org>
List-Help: <mailto:ogpx-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ogpx>, <mailto:ogpx-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Mar 2010 16:50:46 -0000

+1 to David.  This corner has a lot of cobwebs in it and needs dusting.

As David identifies, common usage and current service policy have got all
mixed up with mechanism in this area.  They need separating so that users of
VWRAP are not bound by someone else's business choices.

David's point about the need to drill down and uncover the underlying
identity in some scenarios is particularly relevant, as it highlights how
certain choices are totally local rather than generic to the protocol.  For
each party that has a requirement to uncover underlying identity, there is
another party that has the requirement that underlying identity *MUST
NOT*be uncoverable.

What's more, issues of privacy, security, and immersionism vs augmentism,
weigh in on both sides of the argument, so this is not a simple area.

As always, the only way we can tread a safe path through this horrible
thicket is by separating mechanism from policy entirely in VWRAP.


Morgaine.




=================================

On Tue, Mar 9, 2010 at 3:53 PM, David W Levine <dwl@us.ibm.com> wrote:

>
> There have been a couple of comments on the use of "first name" "last name"
> within the current specifications.
>
> I think we need to be very careful to sort out the various uses of "name"
> and "identity" in what VWRAP sets out to do.
>
> There are a number of uses, and I suspect they are currently tangled up,
> because there has been no reason to fully
> separate them.
>
> How are "names" used?
>
> To start with there is the "user information" used when logging on to an
> authentication service. There is then the identity which
> that login asserts. These may not be the same. There is then the display
> name used to tell other users who I am, and lastly, but
> in many ways most importantly, one wants a clean, globally usable token
> that can be used by services to identify the end user.
>
> In Second Life, and in OpenSim, the "user information" has historically
> been "First Name" "Last Name". This is combined with
> a password, and gets one logged in. It so happens that the display name is
> the same as the user information provided at login.
> This isn't universal. In the Second Life Enterprise product, I login using
> my Corporate LDAP credential. This means my
> "User information" is "dwl@us.ibm.com" but when I log on, my Avatar's name
> is pulled from LDAP and shows up as "David Levine"
>
> In both Second Life and OpenSim, the user ends up being associated with a
> UUID. This is fairly acceptable in a closed grid
> but in a world with multiple grids, while the UUID is likely to be unique
> (If not, what is the point of the Unique in UUID?) We really
> would like to associate a user's identity not with just a token, but a
> source. In the current specifications, this is partly implied by
> the agent domain to which the user logs in. One can reasonable argue that
> "Jane Smith validated by the Agent Domain at Walters
> RackHaus SimHosting" is the implicit name when that agent domain presents
> "Jane Smith" to a region. There are at least two
> concerns lurking here. In the SLE case I mentioned above, Jane Smith's
> identity, isn't really anchored in the corporate Agent
> Domain, but the underlying LDAP, and in many ways, that is something I want
> to know about. This is equally cogent when we
> want to permit OpenID or Oauth to participate in the process of managing
> authentication and identity.
>
> The point about the underlying authentication also becomes interesting when
> we want to provide secure access to
> meta data about the user. The current teleport writeup includes a bunch of
> meta data, such as whether the user has
> provided a credit card, whether they are adult (by a  unspecified metric)
>  This is good and useful information, but we
> probably need to cleanly separate it from identity, and tie it to the
> source. This becomes especially cogent when
> one has more and more services which want to apply policy based on the
> user's identity and meta-data.
>
> I think we probably need to walk through our use cases, and make sure we've
> got all the major bases covered.
> At a minimum, I think we need to cleanly separate out "Login information"
> from "Display Name"  I think we also need
> to expose the basis of authentication, and we need to expose a path to
> identify and manage meta-data about the user.
> It is far less useful to know that a "rez_avatar" request includes the
> tuple (Age_verfied,True) if I cannot determine the
> source of that validation. (or, "Corporate Employee, "Corporation name")
> again, without a source and a path to validate
> the source.
>
> - David
> ~ Zha
>
>
>
> _______________________________________________
> ogpx mailing list (VWRAP working group)
> ogpx@ietf.org
> https://www.ietf.org/mailman/listinfo/ogpx
>
>

v2.41.0 | Report a Bug | By Email | System Status